The workaround to block the domains that contain Unicode characters while Chrome and Firefox solve this vulnerability is to block the request that arrives at the proxy and contains "xn --" on the GET request.
To block this GET request you can create a new rule under a Web Access Layer where destination is configured as Destination Host/Port
and using Host containing xn --
CPL code to apply the previous rule:
define condition UnicodeBlocking
- This is a temporary workaround until this vulnerability is fixed in Chrome and Firefox.
- This workaround blocks trusted and untrusted sites.